Systems and methods for the rapid deployment of network security devices

US 8,799,992 B2
Filed: 10/24/2012
Issued: 08/05/2014
Est. Priority Date: 10/24/2012
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a security server configured to associate an identifier of a network security device with a deployment package for the network security device, wherein the deployment package comprises an authentication credential, and wherein the security server is configured to provide the deployment package to a network security device over a network in response to a request from the network security device received over the network that comprises the device identifier of the network security device;

a computer-readable storage medium that stores a production configuration for the network security device, the production configuration comprising a deployment-specific security policy comprising one or more deployment-specific configuration parameters for the network security device; and

a management server configured to associate the device identifier of the network security device with the stored production configuration,wherein the management server is configured to receive a request for the production configuration from the network device, the request comprising the identifier of the network security device, to authenticate the request by use of the authentication credential provided to the network security device in the deployment package, and provide the production configuration associated with the device identifier of the network security device in response to authenticating the network security device,wherein the deployment package comprises a feature key that defines one or more licensed features of the network security device.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A configuration service comprises a deployment package and a production configuration for a network security device. One or more configuration parameters of the production configuration may be defined by an administrator of the network security device (e.g., the customer). The network security device may be preconfigured with a network address and identifier. The network security device may be configured to automatically request and apply the deployment package at deployment time by use of the preconfigured network address and identifier. The network security device may automatically request and apply the production configuration from the configuration service in response to applying the deployment package.

16 Citations

View as Search Results

18 Claims

1. A system, comprising:
- a security server configured to associate an identifier of a network security device with a deployment package for the network security device, wherein the deployment package comprises an authentication credential, and wherein the security server is configured to provide the deployment package to a network security device over a network in response to a request from the network security device received over the network that comprises the device identifier of the network security device;
  
  a computer-readable storage medium that stores a production configuration for the network security device, the production configuration comprising a deployment-specific security policy comprising one or more deployment-specific configuration parameters for the network security device; and
  
  a management server configured to associate the device identifier of the network security device with the stored production configuration,wherein the management server is configured to receive a request for the production configuration from the network device, the request comprising the identifier of the network security device, to authenticate the request by use of the authentication credential provided to the network security device in the deployment package, and provide the production configuration associated with the device identifier of the network security device in response to authenticating the network security device,wherein the deployment package comprises a feature key that defines one or more licensed features of the network security device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The configuration service of claim 1, wherein the deployment package further comprises one or more of a feature key configured to define one or more licensed features of the network security device, a network address of the management server, a certificate of the management server.
  - 3. The configuration service of claim 1, wherein the deployment package is configured to configure the network security device to accept the production configuration from the management module.
  - 4. The configuration service of claim 1, wherein the device identifier comprises a serial number.
  - 5. The configuration service of claim 1, wherein the management module is configured to delete the production configuration associated with the network security device after a predetermined time period.
  - 6. The configuration service of claim 1, further comprising a configuration wizard configured to provide for defining the production configuration, wherein the configuration wizard provides for specifying the one or more configuration parameters specific to the deployment of the network security device.
  - 7. The configuration service of claim 1, wherein the network security device is configured to:
    - request the deployment package from the security module in response to the network security device powering on and/or being communicatively coupled to a network;
      
      request the production configuration from the management server in response to applying the deployment package; and
      
      apply the production configuration in response to receiving the production configuration from the management server.
  - 8. The configuration service of claim 7, wherein the network security device comprises a machine-readable storage media that is preconfigured with a network address of the security server and a device identifier, and wherein the network security device is configured to request the deployment package from the security server in accordance with the preconfigured network address and device identifier.
  - 9. The configuration service of claim 1, wherein requesting the production configuration comprises establishing a secure communication channel with the management server by use of the authentication credential.
  - 10. The configuration service of claim 1, wherein requesting the production configuration comprises establishing a secure communication channel with the management server by use of a credential provided in the deployment package.
  - 11. The configuration service of claim 1, wherein the security module is configured to issue a notification to the administrator of the network security device in response to providing the deployment package to the network security device.
  - 12. The configuration service of claim 1, wherein the management module is configured to issue an email to a predetermined recipient in response to providing the production configuration to the network security device.

13. A method for automatically configuring a network security device, comprising:
- associating, within a management server, an identifier of a network security device with a deployment package and a production configuration, the production configuration comprising a deployment-specific security policy comprising one or more deployment-specific configuration parameters for the network security device;
  
  providing the deployment package to the network security device over a network in response to a request from the network security device received over the network, the request comprising the identifier of the network security device, wherein the deployment package comprises an authentication credential;
  
  authenticating a request for a production configuration from the network security device by use of the authentication credential provided to the network security device in the deployment package; and
  
  providing the production configuration to the network security device in response to authenticating the request from the network security device, wherein the production configuration comprises a configuration of one or more security features of the network security device,wherein the deployment package comprises a feature key that defines one or more licensed features of the network security device.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, wherein the deployment package comprises a username and password of an administrator account on the network security device.
  - 15. The method of claim 13, wherein the authentication credential comprises a shared secret, and wherein authenticating the request for the production configuration comprises establishing a secure connection between a management server and the network security device by use of the shared secret.
  - 16. The method of claim 15, wherein the deployment package comprises a public key certificate configured to provide for authenticating the management server.
  - 17. The method of claim 13, further comprising generating the production configuration based on one or more configuration parameters provided by an administrator of the network security device.
  - 18. The method of claim 13, wherein activating comprises assigning the feature key to the network security device in accordance with one or more licensed features of the network security device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WatchGuard Technologies Incorporated (Gladiator Corporation)
Original Assignee
WatchGuard Technologies Incorporated (Gladiator Corporation)
Inventors
Marvais, Nick, Wang, Sin-Yaw, Bothwell, Lee W., McLaren, Shari Marlie, Klorese, Roger Brian Alan, Aguirre, Johnni M., Smith, William James, Wang, Yong, Zhang, Han, Wallen, Todd Alan
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
HOLMES, ANGELA R

Application Number

US13/659,101
Publication Number

US 20140115655A1
Time in Patent Office

650 Days
Field of Search

709/220, 709/223, 709/226, 726/1
US Class Current

726/1
CPC Class Codes

G06F 21/45   Structures or tools for the...

G06F 3/061   Improving I/O performance

G06F 8/60   Software deployment

G06F 8/76   Adapting program code to ru...

G06F 9/4401   Bootstrapping security arra...

H04L 41/0803   Configuration setting

H04L 41/0809   Plug-and-play configuration

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/28   Restricting access to netwo...

H04L 61/00   Network arrangements, proto...

H04L 63/20   for managing network securi...

Systems and methods for the rapid deployment of network security devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for the rapid deployment of network security devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links