Title of invention: Method for propagating access policies
Abstract: The present disclosure describes a network appliance and associated access policy protocol (APP) that communicates and obeys access policies within a network. The network appliance (APP node) propagates access policies to other APP nodes that can utilize the policies most effectively. When an access policy reaches the network boundary, intra network bandwidth is optimized. The access policies may be distributed and executed in the cloud—e.g. proxy firewall, proxy policy execution.
Publication number: US9621554(B2) Publication date: 2017.04.11
Application number: US201213533478 Filing date: 2012.06.26
Applicant: Cisco Technology, Inc. Inventors: Fong Rodney; Sreedharan Jaya; Kumar Vinayak
Classification: G06F17/00;H04L29/06;H04L12/28 Main classification: G06F17/00
Agency: Merchant & Gould P.C. Agent: Merchant & Gould P.C.
Independent claim: 1. A method comprising: determining a plurality of neighboring network devices; exchanging access policy protocol databases between the plurality of neighboring network devices; requesting that the plurality of neighboring network devices execute access policies contained in the exchanged access policy protocol databases; managing an active access policy protocol database and an inactive access policy protocol database at each of the plurality of neighboring network devices, wherein the active access policy protocol database and the inactive access policy protocol database are separate databases, and wherein the inactive access policy protocol database further separately maintains inactive policies originated by a network device associated with the inactive access policy protocol database and inactive policies propagated by a network device not associated with the inactive access policy protocol database; detecting that a neighboring network device is offline; and moving access control policies associated with the offline neighboring network device from the inactive access policy protocol database to the active access policy protocol database.
Address: San Jose CA US