Firewall installer

US 8,266,685 B2
Filed: 05/18/2007
Issued: 09/11/2012
Est. Priority Date: 05/18/2007
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a firewall installer to configure a firewall, the firewall installer comprising at least one processor programmed to;

(A) receive, at the firewall installer, a set of configuration instructions comprising at least one configuration instruction, the set of configuration instructions being in a declarative form that specifies at least one firewall rule to be enforced by the firewall without specifying procedural steps to be carried out to configure the firewall to implement the at least one firewall rule; and

(B) in response to receipt of the set of configuration instructions in the declarative form, modify a firewall policy of the firewall, via the firewall installer, such that the firewall implements the at least one firewall rule, wherein modifying the firewall policy comprises;

(B1) determining whether the firewall is in operation,(B2) when it is determined that the firewall is in operation, communicating with the firewall to modify the firewall policy according to the set of configuration instructions, and(B3) when it is determined that the firewall is not in operation, making at least one edit to a data store comprising the firewall policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are directed to a firewall installer that receives a set of configuration instructions for configuring a firewall in a declarative format that describes one or more rules to be implemented by the firewall, and that automatically configures the firewall. Providing a firewall installer that is capable of configuring a firewall based upon declarative input rather than procedural process-oriented input facilitates administration of a firewall by allowing an administrator to specify desired firewall configuration at a higher, declarative level and frees the administrator from the need to specify procedures for implementing configuration changes in the firewall. In one embodiment of the invention, the firewall installer can receive and store input for configuring a firewall even when the firewall is not running, such that the firewall executes on those configuration changes when it next comes online.

50 Citations

View as Search Results

18 Claims

1. A system comprising:
- a firewall installer to configure a firewall, the firewall installer comprising at least one processor programmed to;
  
  (A) receive, at the firewall installer, a set of configuration instructions comprising at least one configuration instruction, the set of configuration instructions being in a declarative form that specifies at least one firewall rule to be enforced by the firewall without specifying procedural steps to be carried out to configure the firewall to implement the at least one firewall rule; and
  
  (B) in response to receipt of the set of configuration instructions in the declarative form, modify a firewall policy of the firewall, via the firewall installer, such that the firewall implements the at least one firewall rule, wherein modifying the firewall policy comprises;
  
  (B1) determining whether the firewall is in operation,(B2) when it is determined that the firewall is in operation, communicating with the firewall to modify the firewall policy according to the set of configuration instructions, and(B3) when it is determined that the firewall is not in operation, making at least one edit to a data store comprising the firewall policy.
- View Dependent Claims (2, 3, 4, 5, 18)
- - 2. The system of claim 1, wherein (B) further comprises:
    - identifying, based on the set of configuration instructions, a plurality of procedural steps not directly specified in the set of configuration instructions to be carried out to modify the firewall policy to implement the at least one firewall rule; and
      
      executing the plurality of procedural steps.
  - 3. The system of claim 1, wherein (B) comprises executing a plurality of procedural steps in an order that is not specified via the set of configuration instructions.
  - 4. The system of claim 1, wherein the firewall installer is located remotely from a computing device hosting the firewall.
  - 5. The system of claim 1, wherein the set of configuration instructions comprises an indicator of at least one parameter of the firewall rule.
  - 18. The system of claim 1, wherein the at least one processor is programmed to modify the firewall policy by making at least one change to a firewall rule.

6. A method of configuring a firewall via a firewall installer, the method comprising an act of:
- (A) operating at least one processor to manage at least one software component based on information specifying changes to be made to a configuration of a computing device regarding the at least one software component, wherein managing the at least one software component comprises;
  
  (A1) changing a configuration of the at least one software component on the computing device based at least in part on the information specifying the changes to be made to the configuration of the computing device, the at least one software component not being a part of the firewall or the firewall installer, and(A2) providing to the firewall installer a set of configuration instructions comprising at least one configuration instruction, the set of configuration instructions being identified by the information specifying the changes to be made to the configuration of the computing device and being in a declarative form that specifies a modification to be made to a firewall policy of the firewall such that at least one firewall rule is enforced by the firewall, the set of configuration instructions in declarative form specifying the modification without specifying procedural steps to be carried out to configure the firewall to implement the at least one firewall rule.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The method of claim 6, wherein the firewall installer executes a plurality of procedural steps to configure the at least one firewall rule based on the set of configuration instructions, and wherein the act (A) comprises providing a set of configuration instructions that does not directly specify the plurality of procedural steps.
  - 8. The method of claim 6, wherein the firewall installer executes a plurality of procedural steps in an order to configure the at least one firewall rule based on the set of configuration instructions, and wherein the act (A) comprises providing a set of configuration instructions that does not directly specify the order in the set of configuration instructions.
  - 9. The method of claim 6, wherein the set of configuration instructions comprises an indicator of at least one parameter of the firewall rule.
  - 10. The method of claim 6, wherein the set of configuration instructions is an XML schema.
  - 11. The method of claim 6, wherein the act (A) of managing the at least one software component comprises providing the set of configuration instructions as part of installing the at least one software component on the computing device.
  - 12. The method of claim 6, wherein the act (A) of managing the at least one software component comprises providing the set of configuration instructions as part of uninstalling the at least one software component on the computing device.

13. At least one computer-readable storage medium encoded with instructions that, when executed by at least one computer, cause the at least one computer to perform a method, the method comprising acts of:
- (A) receiving, at a firewall installer, a set of configuration instructions comprising at least one configuration instruction, the set of configuration instructions being in a declarative form that specifies at least one firewall rule to be enforced by a firewall without specifying procedural steps to be carried out to configure the firewall to implement the at least one firewall rule; and
  
  (B) in response to receipt of the set of configuration instructions in the declarative form, modifying a firewall policy of the firewall, via the firewall installer, such that the firewall implements the at least one firewall rule, wherein modifying the firewall policy comprises(B1) determining whether the firewall is in operation,(B2) when it is determined that the firewall is in operation, communicating with the firewall to request that the firewall modify the firewall policy according to the set of configuration instructions, and(B3) when it is determined that the firewall is not in operation, making at least one edit to a data store comprising the firewall policy without requesting that the firewall make the at least one edit.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The at least one computer-readable storage medium of claim 13, wherein (B) comprises executing a plurality of procedural steps that are not directly specified via the configuration instructions.
  - 15. The at least one computer-readable storage medium of claim 13, wherein (B) comprises executing a plurality of procedural steps in an order that is not specified via the configuration instructions.
  - 16. The at least one computer-readable storage medium of claim 13, wherein the set of configuration instructions comprises an indicator of at least one parameter of the firewall rule.
  - 17. The at least one computer-readable storage medium of claim 13, wherein (B3) comprises editing at least one file of a file system based on the set of configuration instructions when the firewall is not in operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Abzarian, David, Yariv, Eran, Paleologu, Emanuel, Diaz Cuellar, Gerardo, Carbaugh, Ian
Primary Examiner(s)
ZIA, SYED

Application Number

US11/804,409
Publication Number

US 20080289026A1
Time in Patent Office

1,943 Days
Field of Search

None
US Class Current

726/11
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 8/61   Installation

G06F 9/44505   Configuring for program ini...

H04L 41/0806   for initial configuration o...

H04L 41/082   the condition being updates...

H04L 63/0263   Rule management

Firewall installer

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall installer

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links