Title: Zone-Based Firewall Policy Model for a Virtualized Data Center
Abstract: Techniques are provided for implementing a zone-based firewall policy. At a virtual network device, information is defined and stored that represents a security management zone for a virtual firewall policy, comprising one or more common attributes of applications associated with the security zone. Information representing a firewall rule for the security zone is defined and comprises first conditions for matching the common attributes of applications associated with the security zone and an action to be performed on application traffic. Parameters of the application traffic, associated with properly provisioned virtual machines, are received. A determination is made whether the application traffic parameters satisfy the conditions of the firewall rule, and in response to determining that the conditions are satisfied, the action is performed.
Publication number: US2017012940(A1)
Publication date: 2017.01.12
Application number: US201615270476
Filing date: 2016.09.20
Applicant: Cisco Technology, Inc.
Inventors: Chang David; Patra Abhijit; Bagepalli Nagaraj; Sethuraghavan Rajesh Kumar
Classification: H04L29/06; G06F9/455
Main classification: H04L29/06
Agency / Agent: (not listed)
Main claim:
1. A method comprising:
   at a virtual network device comprising a plurality of virtual machines (VMs), storing a set of zone rules that define a security zone having a zone name, the security zone being applicable to each of the VMs that satisfy a set of conditions, including VM attributes, specified by the zone rules;
   generating a zone-based virtual firewall policy that applies to the VMs in the security zone, the zone-based virtual firewall policy having a set of one or more matching criteria that, when met, allow an action to be performed with respect to inter-zone traffic, the matching criteria including the zone name such that the security zone itself is part of the zone-based virtual firewall policy;
   associating inter-zone traffic with the security zone based on the inter-zone traffic satisfying the set of conditions of the zone rules of the security zone; and
   allowing the action to be performed with respect to the inter-zone traffic associated with the security zone in response to determining that the inter-zone traffic meets the matching criteria of the zone-based virtual firewall policy.
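The abstract and claim describe the same evaluation order: VMs are placed in zones by attribute-based zone rules, policy rules match on zone names (plus traffic parameters), and a flow is only acted on once both endpoints have been classified. The following is an added illustration of that model, written for this record and not Cisco's code; the zone names, VM attributes, ports and the permit/deny actions are constructed, and the first-match-then-default-deny behaviour is an assumption, not something the claim specifies.

```python
"""Zone-based virtual firewall evaluator (constructed illustration)."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Zone:
    name: str
    conditions: dict  # VM attribute -> required value (the "zone rules")

    def contains(self, vm_attrs: dict) -> bool:
        # A VM is in the zone only if it satisfies every zone-rule condition.
        return all(vm_attrs.get(k) == v for k, v in self.conditions.items())


@dataclass
class Rule:
    src_zone: str            # zone names are part of the matching criteria
    dst_zone: str
    dst_port: Optional[int]  # None means any destination port
    action: str              # "permit" or "deny"


def zones_for(vm_attrs: dict, zones) -> set:
    """Associate a VM with every zone whose rules it satisfies."""
    return {z.name for z in zones if z.contains(vm_attrs)}


def evaluate(flow: dict, zones, rules, default: str = "deny") -> str:
    """flow = {"src": vm_attrs, "dst": vm_attrs, "dst_port": int}.
    Endpoints are classified by attribute (not by address), then the first
    rule whose zone names and port match decides; otherwise the default."""
    src_zones = zones_for(flow["src"], zones)
    dst_zones = zones_for(flow["dst"], zones)
    for r in rules:
        if (r.src_zone in src_zones and r.dst_zone in dst_zones
                and r.dst_port in (None, flow["dst_port"])):
            return r.action
    return default


# Constructed zones and policy: membership is decided by app attributes.
ZONES = [Zone("web", {"app": "shop", "tier": "web"}),
         Zone("db", {"app": "shop", "tier": "db"}),
         Zone("mgmt", {"role": "admin"})]
RULES = [Rule("web", "db", 5432, "permit"),
         Rule("mgmt", "db", None, "permit")]


def demo() -> dict:
    web = {"app": "shop", "tier": "web", "ip": "10.0.1.5"}
    db = {"app": "shop", "tier": "db", "ip": "10.0.2.7"}
    # Same subnet and tier as the web VM, but a different app: not in "web".
    other = {"app": "crm", "tier": "web", "ip": "10.0.1.9"}
    return {"web->db:5432": evaluate({"src": web, "dst": db, "dst_port": 5432}, ZONES, RULES),
            "web->db:22": evaluate({"src": web, "dst": db, "dst_port": 22}, ZONES, RULES),
            "other->db:5432": evaluate({"src": other, "dst": db, "dst_port": 5432}, ZONES, RULES)}
```

Because zone membership is derived from VM attributes rather than addresses, a VM that migrates or is re-addressed keeps its zone, while a VM sharing a subnet but not the zone's attributes gets no inter-zone permission.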
Address: San Jose, CA, US