-
Publication number: US08516241B2
Publication date: 2013-08-20
Application number: US13180678
Application date: 2011-07-12
Applicant: David Chang, Abhijit Patra, Nagaraj Bagepalli, Rajesh Kumar Sethuraghavan
Inventor: David Chang, Abhijit Patra, Nagaraj Bagepalli, Rajesh Kumar Sethuraghavan
CPC classification number: H04L63/0263, G06F9/45558, G06F2009/45587, G06F2009/45595, H04L29/08927, H04L29/08972, H04L49/356, H04L49/70, H04L63/0218, H04L63/0227
Abstract: Techniques are provided for implementing a zone-based firewall policy. At a virtual network device, information is defined and stored that represents a security management zone for a virtual firewall policy comprising one or more common attributes of applications associated with the security zone. Information representing a firewall rule for the security zone is defined and comprises first conditions for matching common attributes of applications associated with the security zone and an action to be performed on application traffic. Parameters associated with the application traffic are received that are associated with properly provisioned virtual machines. A determination is made whether the application traffic parameters satisfy the conditions of the firewall rule and in response to determining that the conditions are satisfied, the action is performed.
-
Publication number: US20130019277A1
Publication date: 2013-01-17
Application number: US13180678
Application date: 2011-07-12
Applicant: David Chang, Abhijit Patra, Nagaraj Bagepalli, Rajesh Kumar Sethuraghavan
Inventor: David Chang, Abhijit Patra, Nagaraj Bagepalli, Rajesh Kumar Sethuraghavan
IPC: G06F21/00
CPC classification number: H04L63/0263, G06F9/45558, G06F2009/45587, G06F2009/45595, H04L29/08927, H04L29/08972, H04L49/356, H04L49/70, H04L63/0218, H04L63/0227
Abstract: Techniques are provided for implementing a zone-based firewall policy. At a virtual network device, information is defined and stored that represents a security management zone for a virtual firewall policy comprising one or more common attributes of applications associated with the security zone. Information representing a firewall rule for the security zone is defined and comprises first conditions for matching common attributes of applications associated with the security zone and an action to be performed on application traffic. Parameters associated with the application traffic are received that are associated with properly provisioned virtual machines. A determination is made whether the application traffic parameters satisfy the conditions of the firewall rule and in response to determining that the conditions are satisfied, the action is performed.
-