Title of invention |
Determining, without using a network, whether a firewall will block a particular network packet |
Abstract |
A determination is made regarding whether a firewall will block a network packet. The network packet indicates a set of one or more characteristics. A test packet is generated that indicates the set of characteristics. The test packet is sent to the firewall without using a network. A test result is received from the firewall. The test result is stored. |
Publication number |
US9553768(B2) |
Publication date |
2017.01.24 |
Application number |
US201414531832 |
Filing date |
2014.11.03 |
Applicant |
Illumio, Inc. |
Inventors |
Scott Jerry B.; Cook Daniel R.; Kirner Paul J. |
Classification numbers |
G06F17/00;H04L12/24;H04L29/06 |
Main classification number |
G06F17/00 |
Agency |
Fenwick & West LLP |
Agent |
Fenwick & West LLP |
Main claim |
1. A method for validating connections of a firewall in response to changes to rules of the firewall, wherein the firewall determines whether to allow or block network packets based on the rules, the method comprising:
receiving an indication of a change of rules of the firewall, the changed rules causing the firewall to block a network packet previously allowed by the firewall; accessing a set of connections of the firewall, the firewall configured to allow a network packet if the network packet is associated with an active session represented by a connection; and validating connections from the set, the validating comprising, for each connection:
generating a test packet having a set of characteristics associated with the connection, the test packet indicating that the test packet should be prevented from entering the network; sending the test packet to the firewall without using a network; receiving a test result from the firewall; and responsive to the test result indicating that the firewall is configured to block non-test packets matching characteristics of the test packet, sending a request to remove the connection. |
Address |
Sunnyvale CA US |